1. Field of the Invention
This invention pertains in general to computer security, and more specifically to enforcing good network hygiene using reputation-based automatic remediation.
2. Description of the Related Art
Network Access Control (NAC) is a networking solution that uses a set of rules to define and implement a policy describing how devices may securely access a network; it controls the access of computers to the network through these policies. Typically, when a computer connects to a network, it is not permitted to access anything unless it complies with a set of rules (e.g., antivirus protection level, update installations, certain other system configurations, and so forth). While the computer is being checked for compliance with the rules, the computer can often only access resources that can remediate any issues before the computer is granted full network access. Once the computer has met the requirements, the computer is able to access network resources and the Internet, though access may still be limited for some clients that are not in full compliance as defined by the NAC policies. Where a client is granted only limited access, the NAC may impose limitations on what the client can do on the network, what the client can access, and so forth. One goal of NAC is to prevent access to the network by computers that lack security software, lack the latest software patches, and have other limitations that make the computer a risk to the network. In this manner, the NAC can potentially prevent the spread of malware from a potentially infected computer via the network to other computers on the network.
NAC software currently relies on a hard set of rules to determine if an endpoint or client is in compliance with a network access policy before allowing access to the network. As described above, these rules include checks, such as whether antivirus software is enabled on the client, whether the malware definitions on the client are up-to-date, and other similar checks. If the client fails to meet one or more of the checks, the client may not be granted access to the network or may be given only limited access.
While these NAC rules are important, they do not address the complexities in determining more abstract states of clients. For example, even if the client has the appropriate security software and the available patches installed, the client might still generally have a tendency to take risky actions, download suspicious software, or become infected with malware in the future. The pre-set NAC rules used today are not capable of dynamically managing these more abstract and constantly changing states of computers when deciding whether or not to allow network access. Instead, the current NAC software is typically limited to determining whether or not a client complies with each of the pre-defined rules. The current NAC software does not look at degrees of compliance, review reputations of programs on a client, or consider overall behavior of a computer over time.
Therefore, there is a need in the art for a solution that enforces good network hygiene for clients using reputation-based automatic remediation.